Current workforce trends feed into rising cybersecurity risks


The problem posed by insider threats is getting bigger, with 68% of organizations reporting a rise in the frequency of insider attacks in the past 12 months. Insider threats refer to cyber threats that originate from within an organization, meaning employees with authorized access exploit their privilege to steal or leak confidential data. However, insider attacks are not always intentional, and privileged IT users sometimes unwittingly end up compromising their company’s security. In fact, negligent employees or contractors are responsible for 62% of insider incidents.

The potential consequences of insider threat attacks shouldn’t be overlooked. Business leaders are increasingly realizing the importance of making sure their sensitive assets are secure, as the organization's revenue and reputation are at stake. Companies must make it a priority to improve identity security in order to safeguard their critical assets. In particular, controlling who has privileged access to sensitive information is vital to prevent data leaks originating from within the organization.

Business leaders must keep in mind that, in today’s unstable economic climate in which financial gains can be an important driver for malicious insiders, the risk of experiencing a data breach is even bigger. So, organizations must be prepared to navigate the economic uncertainty and combat the surge in insider threats that is intensified by current workforce trends.

Bryan Murphy

Senior Director of Architecture Services & Incident Response at CyberArk.

1. The identity security risks resulting from workforce reductions

Companies must keep in mind that any employee’s layoff or resignation comes with the risk of that person taking confidential information with them. According to the 2023 CyberArk Identity Security Threat Landscape Report, 58% of security professionals globally have reported cases of departing employees saving sensitive work documents outside of policy. So, when facing organizational turmoil, rising concerns about layoffs might result in a surge in insider threats.

One such example is a high-profile insider threat incident at a major drinks manufacturer where an engineer exfiltrated trade secret documents worth nearly $120 million after learning the company was planning to lay her off. The engineer was one of the only two privileged users with exclusive access to the details of a top-secret chemical formula. Although she was ultimately convicted and sentenced for her crime, this case reflects the challenges faced by many businesses in protecting intellectual property and sensitive information, particularly during workforce changes. In fact, according to 68% of security decision-makers worldwide, new identity security concerns will arise as a result of layoffs and workforce churn in the upcoming year.

2. The challenges of building third-party relationships based on trust

While employees do have insider access to sensitive information, they are not the only ones who can expose a company’s confidential data: third-party vendors such as contractors can also be responsible for insider threats. If a third-party relationship ends and privileged access to work documents is not immediately revoked, the vendor could continue to view and share a company’s sensitive information, regardless of the circumstances. So, even if an organization and a third party end their relationship on good terms, there is always a risk of company assets being exploited maliciously.

Additionally, external actors can compromise and abuse third-party vendors to gain access to their business partner’s critical information. For example, a few years ago, bad actors exploited a third-party application used by Marriott Hotels to gain access to guests’ sensitive information. Attackers managed to log in to the application using the credentials of two Marriott employees, and the personal records of 5.2 million Marriott guests were leaked as a result. No surprise, then, that the CyberArk 2023 Identity Security Threat Landscape Report reveals that security professionals believe third parties, including partners, consultants and service providers, represent the riskiest human identities.

3. The correlation between the escalating “resenteeism” and insider threats

In today’s uncertain economic climate, filled with layoffs and recession fears, most employees do not want to risk losing their source of income. So, while the Great Resignation was very topical last year, it seems resignations have slowed, with many employees remaining in their current position even if they feel dissatisfied with their jobs or burned out. This has given rise to a workplace buzzword known as “resenteeism” which is used to describe workers who are unhappy in their current position and express their grievances openly.

This phenomenon can have a very negative impact on workplace culture and productivity, and can drive malicious insider threat incidents. For example, an employee who feels undervalued and whose promotion request has been repeatedly denied may develop a sense of resentment towards their organization, which may motivate them to steal or leak sensitive data to “get even”. Some employees might even openly advertise their capacity to exploit their authorized access to jeopardize their organization's security. 63% of businesses do not adequately secure the highest sensitivity access granted to their employees, giving malicious actors ample opportunities to steal sensitive information.

4. Financial hardship is driving data leaks

Many individuals across the UK are facing financial challenges due to rising inflation and the escalating cost of living, which may eventually lead to a rise in financially motivated insider threats. Research shows privilege misuse – employees abusing their authorized access – is the main cause of intentional internal data breaches and is often paired with fraudulent transactions. 59% of all data breach incidents have a financial goal.

A typical situation involves a financial controller, with privileged access to systems where bank accounts and routing information are listed, illicitly moving funds into their own personal account. This practice poses considerable challenges as it not only allows individuals to redirect substantial resources from their organization, but also proves difficult to track.

5. Employees’ increasing stress level triggers security concerns

Workforce reductions and turnover impose a major burden on remaining employees, often resulting in heightened stress levels due to the additional work and responsibilities they’re expected to take on. This can directly contribute to an increase in mistakes. As such, overworked and overstressed employees are more susceptible to falling victim to phishing attacks and other forms of social engineering attacks. Factors like burnout – affecting 59% of UK senior cybersecurity professionals – further amplify the issue as security teams are not as vigilant to potential risks as they should be.

Overworked and overstressed employees could make it easier for phishing attackers to “hook” credentials and, considering 50% of workforce identities have access to sensitive corporate data, these individuals serve as ideal entry points for attackers seeking to gain access to company assets.

It’s time to remove trust from your identity security strategy

In today’s challenging economic times and ever-evolving threat landscape, insider threats are a burning issue. In the face of these rising security risks, organizations must now prioritize a Zero Trust and least privilege approach. This strategy ensures full visibility and control over who can access the company’s sensitive data, facilitating quick detection of access abuse and rapid reaction to prevent a data leak. Only by removing trust from the equation can companies improve cyber resilience, develop a solid identity security strategy and protect their critical assets.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
